CWE-79

A vulnerability, which was classified as problematic, was found in SourceCodester Wedding Hall Booking System. This affects an unknown part of the file /whbs/admin/?page=user of the component Staff User Profile. The manipulation of the argument First Name/Last Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205815.

The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘caption’ parameter added to images via the media uploader in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the Beaver Builder editor and the ability to upload media files to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /cgi-bin endpoint. The URL parameters are not correctly sanitized, leading to reflected XSS.

A vulnerability has been found in SourceCodester Apartment Visitor Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /manage-apartment.php. The manipulation of the argument Apartment Number with the input leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205672.